299
submitted 6 months ago by clot27@lemm.ee to c/privacy@lemmy.ml

Here's what he said in a post on his telegram channel:

🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷

🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺

🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡

🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

you are viewing a single comment's thread
view the rest of the comments
[-] ReversalHatchery@beehaw.org 39 points 6 months ago

Secret chats only. With their own, in-house encryption, that, if I remember correctly, the apps don't use according to the specifications.

Maybe I'm mixing up mtproto 1 and 2 with that second part, though.

[-] EngineerGaming@feddit.nl 17 points 6 months ago

AND only available on mobile.

[-] noodlejetski@lemm.ee 6 points 6 months ago* (last edited 6 months ago)

AND 1-on-1 chats only, no e2ee for group chats available at all.

[-] dsemy@lemm.ee 5 points 6 months ago

I don't mind in-house encryption (the Signal protocol didn't just appear out of nowhere either), however the latter part is worrying.

In any case, I personally don't trust Signal or Telegram.

[-] possiblylinux127@lemmy.zip 2 points 6 months ago

What do you trust? It seems like something like Molly is the best for compatibility and security.

[-] dsemy@lemm.ee 5 points 6 months ago

Molly still depends on Signal's centralized servers.

Best solution I know of currently is SimpleX, though Veilid (and VeilidChat by extension) also seem promising, though it might take a while for those to be usable.

[-] possiblylinux127@lemmy.zip 1 points 6 months ago

From a cryptographic and usability perspective Signal still has a few benefits. However Simplex is promising.

[-] toastal@lemmy.ml 3 points 6 months ago

The best is to not trust the centralized server of either of these platforms. Set up your own XMPP server & gives these the boot.

[-] possiblylinux127@lemmy.zip 1 points 6 months ago

No thanks. XMPP is old and dead

[-] toastal@lemmy.ml 2 points 6 months ago

XMPP is battle-tested* and thriving*

I don’t think you know how many commercial use cases are relying on XMPP, nor how much the community has been working on updates. Older technologies tend to have maturity is spec but also in implementations where the servers are robust & already at the point of optimization over chasing features. We see this with how little specs it takes to run a server & have Conversation forks on Android have some of the best battery life & data plan usage in the chat space. The network is massively decentralized too… unlike Matrix where almost everyone is on Matrix.org or a server provided/hosted by Matrix.org giving them all the metadata.

[-] SLfgb@feddit.nl 1 points 6 months ago

Molly is just Signal with a different name and on more depositories

[-] possiblylinux127@lemmy.zip 4 points 6 months ago

And no proprietary software or dependencies

[-] SLfgb@feddit.nl 1 points 6 months ago* (last edited 6 months ago)

The Signal servers it connects to run proprietary or unauditable software, no?

[-] possiblylinux127@lemmy.zip 1 points 6 months ago

All server side software is proprietary as you don't control it. With that being said having a centralized design isn't great but Signal is well known and pretty well proven.

There are other messagers but don't though Signal out so quickly.

this post was submitted on 08 May 2024
299 points (100.0% liked)

Privacy

32120 readers
249 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS